Biometric authentication of mobile financial transactions by trusted service managers

ABSTRACT

A method for authenticating a financial transaction at a point of sale (POS) includes storing an application program in a first secure element of a mobile phone. The application is configured to generate instruction codes to effect the financial transaction upon verification of a user&#39;s identity. The user&#39;s credentials are stored in a second SE of the phone, which is operable to verify the user&#39;s identity from a biometric trait of the user input to the phone and to generate data authenticating the financial transaction in response to the verification of the user&#39;s identity. At the POS, the user invokes the application and then inputs a biometric trait to the phone. The second SE verifies the user&#39;s identity, and upon verification, generates data authenticating the transaction. The financial transaction data, including the instruction codes and the authenticating data, are then transmitted from the phone to the POS.

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.12/414,323, filed Mar. 30, 2009, now U.S. Pat. No. 8,150,772, Apr. 3,2012, and claims the benefit of U.S. Provisional Application Nos.61/059,395 and 61/059,907, filed Jun. 6, 2008 and Jun. 9, 2008,respectively, the respective disclosures of which are incorporatedherein by reference.

BACKGROUND

1. Technical Field

This disclosure relates to electronic financial transactions in general,and more particularly, to methods and systems for biometricauthentication of financial transactions by a trusted service manager(TSM).

2. Related Art

“Contactless technology” refers to short distance communications betweentwo devices that are not physically connected. A wide variety ofcontactless technology exists today. Near Field Communication (NFC) is aspecific type of contactless technology that is of high importance toMobile Network Operators (MNOs) and to Service Providers (SPs), such asbanks, credit card issuers and other payment service providers. NFC is ashort-range, high frequency, wireless, RF communication technology thatenables the exchange of data between devices typically over about a 10centimeter (or about 4 inches) distance, thus providing a fast, simpleand secure way for a user to effect a wide range of contactless serviceswith a mobile device, such as a mobile telephone or personal digitalassistant (PDA).

One example of an NFC technology application is financial transactions.NFC mobile devices and other types of contactless devices, such as radiofrequency-enabled credit/debit cards, key fobs, and the like areexperiencing rapid growth worldwide in various industries, includingtransportation, retail, parking and other industries, that will nowaccept NFC mobile payments and other types of contactless payments.

As an example, wireless mobile devices that include an NFC device and asmart card, which can use radio frequency identification (RFID)technology for identification purposes, can enable a person to effect asimple financial transaction, such as the purchase of a retail item, ina convenient, secure manner. Typically, a consumer waves the wirelessmobile NFC device near a “reader” to effect a monetary transfer, and thepurchase price of the item is deducted from a total amount that isavailable and stored on a “smart card” of the wireless mobile device.Optionally, the amount of the item can be forwarded to a server that canidentify the purchaser through a unique identification code of thepurchaser and then subsequently debit a credit or deposit account of thepurchaser appropriately for the purchase of the retail item. SuchNFC-based point of sale (POS) transactions provide several advantages,such as eliminating the need to carry cash and enabling faster, moreconvenient and secure financial transactions.

Because customers are interested in being able to use their mobiledevices for contactless services, a new mobile NFC “ecosystem,”illustrated in FIG. 1, has been defined by the Global System for Mobilecommunication Association (GSMA), which is a global trade associationrepresenting over 700 GSM mobile phone operators throughout the world.(See, e.g., “Mobile NFC Services,” GSMA, Version 1.0, February 2007). Asillustrated in FIG. 1, such ecosystems involve a variety of differentplayers or entities and new roles for such players, including:

-   -   Customer—the customer is a customer of a merchant and subscribes        to a Mobile Network Operator (MNO) and a service provider.    -   MNO—the MNO provides a full range of mobile services to the        Customer, and can also provide Universal Integrated Circuit        Cards (UICCs) and NFC terminals, plus Over the Air (OTA)        transport mechanisms.    -   Service Provider (SP)—the SP provides contactless services to        the Customer. Examples of SPs include banks, credit card issuers        as well as public transport companies, loyalty programs owners,        and the like.    -   Retailer/Merchant—the retailer/merchant can operate an NFC        capable point of sale (POS) terminal.    -   Trusted Service Manager (TSM)—the TSM securely distributes and        manages NFC applications and can have, for example, a direct or        an indirect relation to the SPs, e.g., via clearing houses, such        as the Automated Clearing House (ACH), the Electronic Payment        Network (EPN) or the Visa/MasterCard network.    -   Handset, NFC Chipset and UICC Manufacturers—the Manufacturers        produce mobile NFC/communication devices and the associated UICC        hardware.    -   Reader Manufacturer—the reader manufacturer makes NFC reader        devices.    -   Application Developers—the application developers design and        develop mobile NFC applications, including financial transaction        applications.    -   Standardization bodies and industry associations—develop global        standards for NFC that enable interoperability, backward        compatibility and future development of NFC applications and        services.

As will be appreciated, successful implementation of NFC technologiesrequires cooperation between the many disparate players of the GSMAecosystem. Each player can have its own expectations, for example, theCustomer expects convenient, friendly and secure services within atrusted environment; the SPs want their applications to be housed andused in as many mobile devices as possible; and the MNOs want to providenew mobile contactless services that are secure, of high quality andconsistent with the existing services experienced by the Customer. Butalthough each player can have its own culture and expectations, they allhave the same basic requirement, viz., the need for security andconfidentiality.

The Trusted Service Manager (TSM), in particular, brings trust andconvenience to the complex, multi-player NFC ecosystem. The TSM roleincludes providing a single point of contact for the SPs, e.g., banks,to access their respective customer bases through the MNOs, and tosecure download and lifecycle management for mobile NFC applications onbehalf of the SPs. It should be understood that the TSM does not disruptthe SP's business model, as the TSM does not participate directly in thetransaction stage of the service, but rather, only indirectly.

In addition to NFC based POS payments, there are a number of otherpayment models currently prevalent in the mobile industry including:

(i) Short Message Service (SMS)—SMS is a communications protocol thatallows the interchange of short text messages between mobile devices;and,

(ii) Mobile Internet-based payments—Customers routinely search for andpurchase products and services through electronic communications withonline merchants over electronic networks, such as the Internet.

Regarding the latter, individual customers may frequently engage intransactions with a variety of merchants through, for example, variousmerchant websites. Although a credit card can be used for makingpayments over the Internet, a disadvantage of online credit card usageis that online merchants can be exposed to high fraud costs and“chargeback fees” because there is no credit card authenticationsignature with an online sale.

In the case of in-person POS payments made with payment cards, such aswith Master Cards or Visa cards in the U.S., or a “Chip and PIN” card inthe U.K., current authentication is by means of the purchaser'sprovision of a signature or a personal identification number (PIN).

Accordingly, systems and methods are needed for authenticating NFC basedPOS transactions securely and reliably without the need for signaturesor PINs, and more particularly, for authentication of POS transactionsusing a biometric trait, such as a fingerprint, that can be input via adata communication device of the user, e.g., the user's mobile phone.

SUMMARY

In accordance with the present disclosure, methods and apparatus areprovided that enable the authentication of financial transactions to beindirectly effected as a value added service by a service provideracting as a TSM for credit/payment provider companies in which biometricauthentication data of the transactions is provided directly at the POSvia an NFC enabled mobile telephone without the need for thecredit/payment providers having to provide it.

In one embodiment, a method for authenticating a financial transactionat a point of sale (POS) includes storing an application program in afirst secure element (SE) of a mobile phone equipped with a userbiometric trait input device. The application program is configured togenerate instruction codes to effect the financial transaction uponverification of a user's identity. The credentials of the user arestored in a second SE of the phone, which is operable to verify theuser's identity from a biometric trait of the user input to the phoneand to generate data authenticating the financial transaction inresponse to the verification of the user's identity.

At the POS, the user activates the phone, invokes the applicationprogram thereon and inputs a biometric trait to the phone, e.g., swipesa thumb on a fingerprint reader of the phone. The second SE verifies theuser's identity from the biometric trait input to the phone, and uponsuch verification, generates data authenticating the transaction. Thedata of the financial transaction, including the instruction codestherefor and the data authenticating the financial transaction, are thentransmitted from the phone to a data communication device at the POS,which in one embodiment, can be effected via a NFC link between thephone and the POS device.

One or more of the storing of the application program in the first SE,the storing of the user's credentials in the second SE, and thegenerating of the data authenticating the transaction in response to theverification of the user's identity can comprise a value added serviceperformed by a trusted service manager (TSM) on behalf of a third partycredit or a payment service provider.

A better understanding of the above and many other features andadvantages of the novel TSM transaction authentication systems andmethods of the present disclosure can be obtained from a considerationof the detailed description of some example embodiments thereof below,particularly if such consideration is made in conjunction with theseveral views of the appended drawings, wherein like elements arereferred to by like reference numerals throughout.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic representation of a mobile NFC “ecosystem” definedby the Global System for Mobile communication Association (GSMA);

FIG. 2 is a schematic representation of the architecture of an exampleembodiment of an electronic payment system in accordance with thepresent disclosure;

FIG. 3 is a functional block and data flow diagram of an exampleembodiment of a mobile phone equipped with a POS transactionauthenticating Secure Element (SE) architecture in accordance with thepresent disclosure engaged in transactional communication with amerchant's Point Of Sale (POS) device in accordance with the presentdisclosure; and,

FIG. 4 is flow diagram of an exemplary embodiment of a method for makinga biometrically authenticated NFC based payment at a POS in accordancewith the present disclosure.

DETAILED DESCRIPTION

In accordance with the embodiments described herein, methods and systemsare provided that enable financial service providers, such as PayPal,acting in the role of a Trusted Service Manager (TSM), to authenticateNFC based POS transactions using biometric identifier traits, such as afingerprint, that can be input via a data communication device of theuser.

FIG. 2 is a schematic representation of an example embodiment of anelectronic payment system in accordance with the present disclosure. Afinancial transaction using, for example, an NFC based Point of Sale(POS) payment system, can be made using a client data communicationdevice 130, such as an NFC enabled mobile phone, to a retailer ormerchant via a retailer or merchant server 110. It should be appreciatedthat although an NFC application is illustrated in this embodiment, thesystem is not limited to NFC applications, but can also apply to othertypes of applications, for example, video game consoles, DVRs, and otherappliances.

The client device 130 can be implemented using any appropriatecombination of hardware and/or software configured for wired and/orwireless communication over a network. For example, in one embodiment,the client device 130 can be implemented as a personal computer of auser 120 (also referred to herein as a “customer” or “consumer”) incommunication with the Internet or another network, such as a publicswitched telephone network (PSTN) and/or a private data network. Inother embodiments, the client device 130 can be implemented as awireless telephone, personal digital assistant (PDA), key fob, smartcard, notebook computer or other type of data communication device.Furthermore, the client device 130 can be enabled for NFC, Bluetooth,online, infrared communications and/or other types of wireless datacommunication channels.

The client device 130 can include various applications as might bedesired in particular embodiments to provide desired features to theclient device 130. Such applications could include, for example,security applications for implementing client-side security features,programmatic client applications for interfacing with appropriateapplication programming interfaces (APIs) over a network, or other typesof applications.

The client device 130 can further include one or more user identifiersthat could be implemented, for example, as operating system registryentries, cookies associated with a browser application, identifiersassociated with hardware of client device 130, or other appropriateidentifiers. In one embodiment, a user identifier can be used by apayment service provider 140 to associate the client device 130 or theuser 120 with a particular account maintained by a payment serviceprovider 140, such as PayPal, as described in more detail below.

Of importance, the client device 130 can further include a device usefulfor biometric authentication, such as a integral fingerprint scanner.Increasingly today, mobile phones are being equipped with such devices.When the phone is “flipped,” or activated, the biometric trait readerreads the fingerprint of the user, confirms the identity of the userfrom the biometric trait, and upon confirmation of the user's identity,unlocks a credential/payment instrument located in one or more SecureElement(s) incorporated in the phone. As discussed in more detail below,when the phone is then “tapped” on an NFC enabled POS, an authenticatedpayment is effected via the user's biometric data input to the phone.

The merchant server 110 could be maintained, for example, by a retaileror by an online merchant offering various products and/or services inexchange for payment to be received over a network, such as theInternet. The merchant server 110 can be configured to accept paymentinformation from the user 120 via, for example, the client device 130and/or from a payment service provider 140 over a network. It should beappreciated that although a user-merchant transaction is illustrated inthis particular embodiment, the system can also be applicable touser-user, merchant-merchant and/or merchant-user transactions.

The merchant server 110 can use a secure gateway 112 to connect to anacquirer 115. Alternatively, the merchant server 110 can connectdirectly with the acquirer 115 or a processor 120. Once verified, theacquirer 115, which can also have a relation or subscription with thepayment service provider 140, processes the transaction through theprocessor 120 or the payment service provider 140. “Brands” 125, forexample, bank payment card issuers, which also have a relation orsubscription with the payment service provider 140, are then alsoinvolved in the payment transaction so as to enable the user 120 tocomplete the purchase.

The payment service provider 140 can have data connections 155, 156, 157and 158 with a subscriber client device 130, a subscriber acquirer 115,a subscriber processor 120 and/or a subscriber brand 125, respectively,to communicate and exchange data. Such data connections 155, 156, 157and 158 can take place, for example, via the Short Message Service (SMS)or a Wireless Application Protocol (WAP) over a network. In addition,according to one or more embodiments, the payment service provider 140can have a data connection 160 with subscriber Internet companies,Internet mortgage companies, Internet brokers or other Internetcompanies 150.

The payment service provider 140, which can be an online paymentprovider, can provide payment on behalf of the user 120 to the operatorof the merchant server 110 via the network 210. In this regard, thepayment service provider 140 includes one or more payment applicationsthat can be configured to interact with the client device 130 and/or themerchant server 110 over the network 210 to facilitate the purchase ofitems by the user 120 from the merchant server 110. In one embodiment,the payment service provider 140 can be provided by PayPal.

Each of the client data communication device 130, the merchant server110, and the payment service provider 140 can include one or moreprocessors, memories, and other appropriate components for executinginstructions, such as program code and/or data stored on one or morecomputer readable mediums to implement the various applications, data,and methods described herein. For example, such instructions can bestored in one or more computer readable media, such as memories or datastorage devices internal and/or external to various components of thesystem, and/or accessible over a network, which can be implemented as asingle network or a combination of multiple networks, for example, theInternet or one or more intranets, landline networks, wireless networks,and/or other appropriate types of networks.

As discussed above, the payment service provider 140 can also serve inthe role of a Trusted Service Manager (TSM). In one example embodimentof this, the payment service provider 140, acting in the role TSM, canwork cooperatively with a Mobile Network Operator (MNO) to incorporatean authentication certificate issued by the payment service provider,acting as a Certificate Authority (CA), in a Secure Element (SE) orSubscriber Identity Module (SIM) card 215 of a client device 130. ThisSE or SIM card can follow security guidelines, such as The FederalInformation Processing Standard (FIPS) Publication 140-2 (FIPS 140-2Level 2/3), a U.S. government computer security standard issued by theNational Institute of Standards and Technology (NIST) and used toaccredit cryptographic modules. The client device 130 can already havepayment service provider issued certificates and user biometric traitinformation, such as the user's digitized fingerprint, stored within itfor personalization purposes. When customers or users activate theirpayment service provider application 225, such as a PayPal paymentapplication, which can also be incorporated in the client device 130 inan “application SE,” the users or customers are asked to select a PIN,which can be optional or mandatory. The PIN protects the private key ofthe authenticating certificate.

When a transaction, for example a financial transaction using NFCservice application 217 of an NFC enabled client device 130, is made viaa payment service provider 140 such as PayPal, the service provider 140receives signature information in the form of, for example, a X.509certificate. X.509 is an ITU-T standard for a public key infrastructure(PKI) for single sign-on and Privilege Management Infrastructure (PMI).This X.509 signature information is typically maintained for eachregistered user of the service provider 140. The signature informationcan be a digital signature and can include a time stamp, dollar amount,transaction type, item, and even location, which can be determined froma GPS enabled client device 130. Signature information can also bepreloaded in client device 130 in, for example, other applications, suchas EMV (Europay, MasterCard, Visa), a standard for interoperation of ICcards (“Chip cards”) and IC capable POS terminals and ATM's, forauthenticating credit and debit card payments, or Elliptic CurveCryptography (ECC), another form of public-key cryptography, in additionto X.509. In addition to NFC, the client device 130 can also be enabledfor, e.g., Bluetooth, infrared or other types of communications and/ortransactions.

FIG. 3 is a functional block and data flow diagram of an exampleembodiment of a client device 120 that comprises an NFC enabled mobilephone 300 engaged in transactional communication with a NFC enabledPoint Of Sale (POS) data communication device 120 of, e.g., a merchant,in accordance with the present disclosure. In the particular embodimentof FIG. 3, the phone 300 is equipped with a biometric trait data inputdevice 302, such as a fingerprint scanner, a POS transactionauthenticating “Payment/Wallet” Secure Element (SE) 304, an“Application” SE 306, and an NFC communication module 308, as describedabove. With reference to FIG. 3, it can be noted that the two SEs 304and 306 comprise two separate elements, viz., a Payment/Wallet SE 304,which can be, e.g., a SIM card, that stores only payment instruments,certificates, keys, user accounts, credentials and biometric traitauthentication data, and the like, and an Application SE 306, which canalso be a SIM card, that stores only application programs 310 adaptedto, e.g., generate instruction codes to effect final transactions, suchas the purchase of goods or services or the transfer of money to or fromthe user. Thus, no user payment instruments, account data, certificates,keys or credentials reside in the Application SE 306. In the particularembodiment illustrated, the Payment/Wallet SE 304 supports biometrictrait authentication of the user, and the two SEs 304 and 306 aretherefore split into two separate devices because, once thePayment/wallet SE 304 is certified by the TSM, such as throughMasterCard or VISA, with the user's biometric trait data and othercredential data, the phone 300 is then TSM-certified for use. Then, ifit later becomes desirable to modify application programs of or addadditional programs to the Application SE 306, a new or re-certificationprocedure does not have to be performed each time they are modified oradded, because applications do not need to be certified, whereas,Payment/Wallet SEs 306, containing as they do the user'sTSM-authenticated credentials, must be certified by the TSM before usewith the affected payment service providers.

The initial set-up or programming of the Payment/Wallet SE 306 needs tobe done only once, and can be performed at the premises of the TSM, oralternatively, over the air (OTA). Likewise, new or updated applicationscan be uploaded to the Applications SE 304 of the phone 300 eitherlocally or OTA.

In one advantageous embodiment, the Payment/Wallet SE 306 can also beconfigured to store a list of transactions or account or receiptmanagement information that can be viewed by the user at will on thephone 300 and/or downloaded to a PC for integration with the user'smoney management tools, such as Quicken, Microsoft Money, dedicatedtoolbars, or other PC software, such as expense management and expensesubmission tools and flexible spending account submissions.

As discussed above, current authentication of transactions via paymentcards is typically by way of a user's signature or PIN. In Europe,authentication can also be via “Chip and PIN”. However, as illustratedin FIG. 3, in accordance with the present disclosure, the authenticationof financial transactions, such as at a POS 110, can be indirectlyeffected as a value added service by a service provider acting as a TSMfor credit/payment provider companies, such as MasterCard and Visa, inwhich POS biometric authentication occurs directly via the mobile phone300. This biometric authentication can serve as signature/PIN/Chip andPIN/ARQC-ARPC authentication for all transactions. The authenticatedtransaction is then submitted to the POS device 110 via the NFC linkbetween the NFC communication module 308 of the phone 300 and the POSdevice 110. The POS device 110 receives the transaction as apre-verified or pre-authenticated request, and in turn, transmits it tothe host processor 120 for further processing in the form of an ISO 8583message containing a Card Verification Value (CVV) code or a ContactlessCard and Chip Verification (iCVV) code field, and other information,such as a Stored-Value Card (SVC) code and/or a bank identificationnumber (BIN) code. Thus, a user's initial input of a biometric trait viathe input device 302 can be used both to unlock the phone 300 and toauthorize financial transactions without the need for the credit/paymentproviders having to do so.

FIG. 4 is flow diagram of an exemplary embodiment of a method 400 formaking a biometrically authenticated NFC based payment at a POS 110using the NFC and biometric trait data enabled phone 300 of FIG. 3 inaccordance with the present disclosure. With reference to FIG. 4, themethod 400 begins at S402 with the one-time setup or user registrationprocedure with the TSM as described above.

After the initial registration of the user with the TSM is complete,during which step S402, the Payment/Wallet SE 304 of the phone 330 isprogrammed with the user's credentials and the Application SE 306 of thephone 300 is programmed with one or more suitable financial transactionapplication programs 310, the phone 300 is then ready for use in makingauthenticated financial transactions. In an example purchase transactionat a POS 110, such as illustrated in FIG. 3, the user, in the role of apurchaser, can, at S404, first activate the phone 300, e.g., by openingit. At S406, the user can then select a “Make Payment” button on thephone 300. Selecting the Make Payment button invokes a suitable paymentapplication program 310 in the Application SE 306 of the phone 300 thatis adapted to, among other things, read a biometric trait of the user,e.g., the user's thumb-print and request verification of it by thePayment/Wallet SE 304.

At S408, the user-purchaser then swipes his or her thumb on thebiometric trait input device 302 of the phone 302, and at S410, thisbiometric trait input is fed directly to the Payment/Wallet SE 304 ofthe phone 300 via a “tunnel” circuitry 312. Optionally, the thumb swipecan also be operable to unlock the phone for use. Preferably, a tunnelcircuit 312 is used for security purposes because the architecture ofthe user's fingerprint is such that it can otherwise be captured by anapplication on a mobile phone. To prevent this, a tunnel encryptioncircuitry 312 that is FIPS 140-2 level 3 compliant is incorporated inthe phone 300 so that the fingerprint data goes directly to thePayment/Wallet SE 304 of the phone 300 for authentication and unlocking.

At S412, the payment application 310 that was invoked by pressing theMake Payment button sends a message to the Payment/Wallet SE 304requesting user verification and payment authentication. At S414, whenthe Payment/Wallet SE 304 verifies the user's thumbprint, and basedthereon, authenticates the payment, the Payment/Wallet SE 304 sends theauthenticated payment (or other) instructions back to the paymentapplication 310, which then sends it to the NFC communication module 308of the phone 300.

At S416, when the user then “taps” the phone 300 on the merchant's POSdevice 110, the pre-authenticated payment instructions are transmittedvia an NFC link to the POS device 110, and thence, to the merchant'sprocessor device 110. As above, the payment instructions include notonly all of the payment information needed to effect the transaction,such as the user's account information or credit balance, but also allof the information necessary to authenticate the transaction, includingCVV, iCVV, SVC and/or BIN codes, without the need for the credit/paymentservice providers having to provide it.

As those of skill in this art will appreciate, although the foregoingmethod is described in the context of a transaction involving a purchaseof goods or services at a POS, it is evident that it can be madeapplicable to other types of financial transactions, such as the depositor withdrawal of cash at an automated teller machine (ATM).

Although various components and steps have been described herein asbeing associated with the client device 130, merchant server 110, andpayment service provider 140 of FIGS. 1-3, it is contemplated that thevarious aspects of such servers illustrated in FIGS. 1-3 can bedistributed among a plurality of servers, devices, and/or otherentities. For example, in one embodiment, transaction record processingapplication 290 and transaction records 295 can be implemented by anentity separate from payment service provider 140. Accordingly, in suchan embodiment, communications described herein performed in relation totransaction record processing application 290 and transaction records295 can be provided to a separate entity and need not be routed throughpayment service provider 140 in all instances.

Where applicable, various embodiments provided by the present disclosurecan be implemented using hardware, software, or combinations of hardwareand software. Also where applicable, the various hardware componentsand/or software components set forth herein can be combined intocomposite components comprising software, hardware, and/or both withoutdeparting from the spirit of the present disclosure. Where applicable,the various hardware components and/or software components set forthherein can be separated into sub-components comprising software,hardware, or both without departing from the spirit of the presentdisclosure. In addition, where applicable, it is contemplated thatsoftware components can be implemented as hardware components, andvice-versa.

Software in accordance with the present disclosure, such as program codeand/or data, can be stored on one or more computer readable media. It isalso contemplated that software identified herein can be implementedusing one or more general purpose or specific purpose computers and/orcomputer systems, networked and/or otherwise. Where applicable, theordering of various steps described herein can be changed, combined intocomposite steps, and/or separated into sub-steps to provide the featuresdescribed herein.

The foregoing disclosure is not intended to limit the present disclosureto the precise forms or particular fields of use disclosed. It iscontemplated that various alternate embodiments and/or modifications tothe present disclosure, whether explicitly described or implied herein,are possible in light of the disclosure.

Although the apparatus and methods of the present invention have beendescribed and illustrated herein with reference to certain specificexample embodiments thereof, it should be understood that a wide varietyof modifications and variations can be made to these without departingfrom the spirit and scope of the invention, as defined by the claimsappended hereafter and their functional equivalents.

What is claimed is:
 1. A method for authenticating a financialtransaction, the method comprising: storing credentials of a user in afirst secure element (SE) of a data communication device of the user,the credentials including user biometric authentication data and datafor authenticating financial transactions of the user by a trustedservice manager (TSM); and storing an application program in a second SEof device separate from the first SE, wherein the first SE is operablein response to a request from the application program to verify theuser's identity from a biometric trait of the user input to the device,generate data authenticating the financial transaction by the TSM uponverifying the user's identity, and transmit the authenticating data tothe second SE; and the application program is operable when invoked bythe user to prompt the user to input the biometric trait into thedevice, request verification of the biometric trait and authenticationof the financial transaction by the TSM from the first SE, and generatetransaction instruction codes to effect and authenticate the financialtransaction by the TSM upon receipt of the authenticating data from thefirst SE.
 2. The method of claim 1, further comprising: invoking theapplication program on the user's device at a point of sale (POS) of avendor; inputting the biometric trait of the user into the user'sdevice; transmitting the data of the financial transaction, includingthe transaction instruction codes and data authenticating the financialtransaction, from the user's device to a data communication device atthe POS, and transmitting the data of the authenticated financialtransaction from the POS device to a transaction processing device ofthe vendor.
 3. The method of claim 2, wherein the transmitting of thetransaction data from the user's device to the POS device is effectedthrough a near field communication (NFC) link between the two devices.4. The method of claim 3, wherein the transmitting of the transactiondata from the user's device to the POS device comprises bringing the POSdevice and the user's device to within a distance of about 10centimeters or less from each other.
 5. The method of claim 2, whereinthe inputting comprises transmitting data corresponding to the biometrictrait directly from a biometric trait input device of the user's deviceto the first SE via a data encryption tunnel circuit.
 6. The method ofclaim 2, wherein the POS data communication device comprises anautomated teller machine (ATM), and further comprising depositing cashin or vending cash from the ATM to the user.
 7. The method of claim 1,wherein the biometric trait comprises a fingerprint of the user.
 8. Themethod of claim 1, wherein the user's device comprises a mobile phoneand at least one of the first and second SEs comprises a SubscriberIdentity Module (SIM) card.
 9. The method of claim 8, wherein theinputting is operable to unlock the phone for use.
 10. The method ofclaim 1, wherein the data authenticating the transaction comprises oneor more of a Card Verification Value (CVV) code, a Contactless Card andChip Verification Value (iCVV) code, a Stored-Value Card (SVC) code or abank identification number (BIN) code.
 11. The method of claim 1,wherein one or both of the storing of the user's credentials in thefirst SE and the storing of the application program in the second SE isperformed by the Trusted Service Manager (TSM).
 12. An apparatus forauthenticating a financial transaction, the apparatus comprising: a datacommunication device of a user, the device having separate first andsecond secure elements (SEs), the first SE storing credentials of theuser, including data for authenticating financial transactions of theuser by a third party trusted service manager (TSM), the second SEstoring an application program, the first SE being operable in responseto a request from the application program to verify the user's identityfrom a biometric trait of the user input to the device, generate dataauthenticating the financial transaction upon verifying of the user'sidentity, and transmit the authenticating data to the second SE; and theapplication program being operable when invoked by the user to promptthe user to input the biometric trait into the device, requestverification of the biometric trait and authentication of the financialtransaction from the first SE, and generate transaction instructioncodes to effect and authenticate the financial transaction upon receiptof the authenticating data from the first SE.
 13. The apparatus of claim12, wherein the user's device comprises a fingerprint reader.
 14. Theapparatus of claim 13, wherein the fingerprint reader is coupled to thefirst SE via a data encryption tunnel circuit.
 15. The apparatus ofclaim 14, wherein the data encryption tunnel circuit complies with theFederal Information Processing Standard (FIPS) Publication 140-2 (FIPS140-2) Level 3 standard.
 16. (currently amended amended) The apparatusof claim 12, wherein the credentials of the user further comprise one ormore of a user payment instrument, a user certificate, a user accountkey, a user account or user biometric trait authentication data.
 17. Anon-transitory machine-readable medium comprising a plurality ofmachine-readable instructions which, when executed by one or moreprocessors of a data communication device of a user, are adapted tocause the one or more processors to perform a method, comprising:running an application program that prompts the user to input abiometric trait of the user into the device; verifying the user'sidentity from the biometric trait input to the device; generating dataauthenticating a financial transaction of the user by a third partytrusted service manager (TSM) from data previously stored in the deviceby the TSM in response to the verifying of the user's identity; andgenerating transaction instruction codes operable to effect andauthenticate the financial transaction, wherein the verifying and thegenerating of the authenticating data are effected by a Payment/Walletsecure element (SE) of the device storing credentials of the user, andthe prompting and the generating of the transaction instructions codesare effected by an Application SE of the device in which the applicationprogram is stored.
 18. The medium of claim 17, wherein: the credentialsof the user comprise one or more of a user payment instrument, a usercertificate, a user account key, a user account or user biometric traitauthentication data; and, the data authenticating the transactioncomprises one or more of a Card Verification Value (CVV) code, aContactless Card and Chip Verification Value (iCVV) code, a Stored-ValueCard (SVC) code or a bank identification number (BIN) code.
 19. Themedium of claim 17, wherein: the user's data communication devicecomprises a mobile phone; and the method further comprises transmittingthe transaction instruction codes to a data communication device of avendor via a wireless link.
 20. The medium of claim 19, wherein the linkcomprises a near field communication (NFC) link.